Proposed PATCH: cplus-dem.c bug fix
Tom Tromey
tromey@cygnus.com
Tue Mar 30 12:15:00 GMT 1999

A symbol like this:

    _Utf390_1__1_9223372036854775807__9223372036854775

will cause the current cplus-dem.c to crash. Symbols like this can be
generated by the Java front end. Perhaps it is wrong to generate
symbols like this; however, that is irrelevant, since cplus-dem.c
should not crash in any case.

Here is my proposed patch.

1999-02-23  Tom Tromey  <tromey@cygnus.com>

	* cplus-dem.c (consume_count): If `count' wraps, return 0 and
	don't advance input pointer.
	(demangle_class_name): If consume_count didn't find a count, do
	nothing.

Tom

Index: cplus-dem.c
===================================================================
RCS file: /cvs/cvsfiles/devo/libiberty/cplus-dem.c,v
retrieving revision 1.102
diff -u -r1.102 cplus-dem.c
--- cplus-dem.c 1999/03/17 00:21:01 1.102
+++ cplus-dem.c 1999/03/30 19:45:57
@@ -429,12 +429,22 @@
consume_count (type)
const char **type;
{
- int count = 0;
+ unsigned int count = 0;
+ char *save = *type;
while (isdigit ((unsigned char)**type))
{
count *= 10;
count += **type - '0';
+ /* A sanity check. Otherwise a symbol like
+ `_Utf390_1__1_9223372036854775807__9223372036854775'
+ can cause this function to return a negative value.
+ In this case we just consume until the end of the string. */
+ if (count > strlen (*type))
+ {
+ *type = save;
+ return 0;
+ }
(*type)++;
}
return (count);
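Review bot: The new comment in consume_count says "we just consume until the end of the string", but the code under it does the opposite: it restores `*type = save` and returns 0, which is also what the ChangeLog entry describes. Please reword the comment to match. Two smaller points in the same hunk: `type` is declared `const char **`, so `char *save = *type;` drops the const qualifier and should be `const char *save`; and `strlen (*type)` is re-evaluated for every digit, so the bound could be computed once from `save` before the loop. Since 0 is now the failure return, a digit string that legitimately encodes 0 can no longer be told apart from an overflow, which is worth stating in the function's comment so that callers know to test for it.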
@@ -1959,7 +1969,7 @@
int success = 0;
n = consume_count (mangled);
- if ((int) strlen (*mangled) >= n)
+ if (n > 0 && (int) strlen (*mangled) >= n)
{
demangle_arm_hp_template (work, mangled, n, declp);
success = 1;
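Review bot: The added `n > 0` test depends on consume_count now returning 0 for a rejected count, but nothing at this call site says so. A one-line comment above the `if` would make it clear that 0 means "no usable count" and that the function falls through with `success` still 0. Note that the test also rejects a count of 0 that was actually present in the mangled name, where previously `strlen (*mangled) >= 0` let it through to demangle_arm_hp_template; if that is intended, say so in the ChangeLog entry. The `(int)` cast on `strlen` is kept from the old line; now that `n` is known to be positive, the comparison could be done without narrowing the length.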